From 56b7aa6ca64652cf2580ce71cb6fc756dcc1732c Mon Sep 17 00:00:00 2001 From: 1 <1@72wo.cn> Date: Tue, 27 Jan 2026 06:10:17 +0000 Subject: [PATCH] 1 --- .woodpecker/my-first-workflow.yaml | 155 ++++++++++++++--------------- 1 file changed, 76 insertions(+), 79 deletions(-) diff --git a/.woodpecker/my-first-workflow.yaml b/.woodpecker/my-first-workflow.yaml index 7b62b5839..ae5a367c9 100644 --- a/.woodpecker/my-first-workflow.yaml +++ b/.woodpecker/my-first-workflow.yaml @@ -1,9 +1,8 @@ -# 触发条件:仅push、manual手动触发,分支限定main +# 触发条件:仅push、manual手动触发,分支限定main(修正格式错误) when: - event: - - push - - manual - branch: main + - event: push + - event: manual + branch: main skip_clone: true @@ -14,37 +13,45 @@ variables: JSON_CONFIG_URL: "https://你的JSON配置地址.com/deploy.json" LOG_PATH: "$HOME/run.log" -# 流水线核心步骤 +# 流水线核心步骤:理顺依赖链,确保build依赖clone结果 steps: - # 1. 替代clone:拉取代码(核心基础步骤) + # ========== 1. 替代clone:拉取代码(核心依赖) ========== prepare: image: debian:bookworm - environment: + environment: from_secret: WOODPECKER_SSH_KEY: WOODPECKER_SSH_KEY commands: - - apt update -y + - apt update # 安装完整依赖(解决SSH/libcrypto问题) - - apt install -y ca-certificates curl git openssh-client openssl libssl-dev --no-install-recommends - # 清理旧SSH文件+初始化目录(严格权限) + - apt install -y ca-certificates curl git openssh-client openssl libssl-dev + # 清理旧SSH文件,严格配置权限 - rm -rf /root/.ssh/* - mkdir -p /root/.ssh && chmod 700 /root/.ssh - # 写入ED25519密钥(修复YAML语法+EOF顶格) + # 写入并清理SSH密钥(兼容RSA/ED25519,保留原始换行) + # 替换原echo "$WOODPECKER_SSH_KEY"那行,其余ssh配置不变 + # ========== 关键修改:SSH密钥写入逻辑(核心修复) ========== + # 替换原echo命令,用cat+EOF保留密钥原始换行,避免格式损坏 - | if [ -n "$WOODPECKER_SSH_KEY" ]; then - cat > /root/.ssh/id_ed25519 << EOF -$WOODPECKER_SSH_KEY -EOF + # 写入ED25519密钥(保留原始格式,单引号EOF避免转义) + cat > /root/.ssh/id_ed25519 << 'EOF' + $WOODPECKER_SSH_KEY + EOF chmod 600 /root/.ssh/id_ed25519 echo "✅ ED25519密钥写入完成" - fi + + + + - chmod 600 /root/.ssh/id_ed25519 # 添加GitHub主机密钥(完整覆盖,避免重复) - ssh-keyscan -H github.com > /root/.ssh/known_hosts - chmod 600 /root/.ssh/known_hosts - # 检查私钥是否能被解析(关键测试) +# 检查私钥是否能被解析(关键测试) - ssh-keygen -lf /root/.ssh/id_ed25519 - # 尝试SSH连接GitHub(详细日志,排查连接问题) - echo "🔍 尝试SSH连接GitHub(详细日志)..." +# 重新执行命令(取消输出屏蔽),查看具体错误 + - ssh -vvv -i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new git@github.com 2>&1 # 拉取代码(拆分命令,避免静默失败) - git init @@ -54,43 +61,42 @@ EOF - git checkout $CI_REPO_DEFAULT_BRANCH - echo "✅ 代码拉取完成" - # 2. 初始化Go环境(依赖prepare:代码拉取完成) + # ========== 2. 初始化Go环境(依赖prepare:代码拉取完成) ========== prepare-go: image: golang:1.25 - depends_on: [prepare] + depends_on: [prepare] # 明确依赖:先拉代码,再初始化Go commands: - go version - go mod download -x - go mod verify - echo "✅ Go环境初始化完成" - # 3. 生成版本号(依赖prepare-go:Go环境就绪) + # ========== 3. 生成版本号(依赖prepare-go:Go环境就绪) ========== set-version: image: golang:1.25 - depends_on: [prepare-go] + depends_on: [prepare-go] # 明确依赖:Go环境就绪后生成版本号 commands: - | if [ -n "${CI_COMMIT_TAG}" ]; then VERSION="${CI_COMMIT_TAG}" else - VERSION="v$(git rev-parse --short=8 HEAD)" + VERSION="v$(git rev-parse --short=8 HEAD)" # 依赖prepare拉取的代码 fi echo "BUILD_VERSION=${VERSION}" >> $CI_ENV_FILE echo "✅ 生成版本号:${VERSION}" - # 4. 编译Go服务(依赖set-version:版本号生成后编译) + # ========== 4. 编译Go服务(核心依赖:prepare+prepare-go+set-version) ========== build_logic: image: golang:1.25 - depends_on: [set-version] + depends_on: [set-version] # 明确依赖:版本号生成后再编译 environment: CGO_ENABLED: 0 GO111MODULE: on GOSUMDB: off commands: - mkdir -p build - - BIN_NAME="logic_${BUILD_VERSION}" + - BIN_NAME="logic_${BUILD_VERSION}" # 依赖set-version的BUILD_VERSION - echo "BIN_NAME=${BIN_NAME}" >> $CI_ENV_FILE - # 编译Go服务(静态编译,瘦身产物) - | go build -v \ -p=4 \ @@ -98,8 +104,7 @@ EOF -buildvcs=false \ -ldflags "-s -w -buildid= -extldflags '-static' -X main.version=${BUILD_VERSION}" \ -o ./build/${BIN_NAME} \ - ./logic - # 校验编译产物 + ./logic # 依赖prepare拉取的./logic代码目录 - | if [ ! -f ./build/${BIN_NAME} ]; then echo "❌ 编译失败:产物${BIN_NAME}不存在" @@ -109,14 +114,13 @@ EOF - ./build/${BIN_NAME} -v || true - echo "✅ Go服务编译完成" - # 5. 拉取部署配置(依赖prepare,可与编译并行) + # ========== 5. 拉取部署配置(可并行,依赖prepare确保代码拉取完成) ========== fetch-deploy-config: image: alpine:latest - depends_on: [prepare] + depends_on: [prepare] # 确保代码拉取完成后再拉配置 commands: - apk add --no-cache curl jq - echo "🔧 拉取部署配置:${JSON_CONFIG_URL}" - # 重试拉取配置(3次重试,避免网络问题) - | for i in 1 2 3; do curl -sSL --connect-timeout 10 ${JSON_CONFIG_URL} -o /tmp/deploy-config.json && break @@ -124,24 +128,22 @@ EOF sleep 2 done if [ ! -f /tmp/deploy-config.json ]; then - echo "❌ 拉取JSON配置失败" + echo "❌ 拉取JSON失败" exit 1 fi - # 解析JSON配置(兼容数组/对象格式) - | JSON_TYPE=$(jq -r 'type' /tmp/deploy-config.json) if [ "$JSON_TYPE" = "array" ]; then - REMOTE_HOSTS=$(jq -r '.[].loginaddr' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//') - REMOTE_USERS=$(jq -r '.[].user' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//') - REMOTE_PASSWORDS=$(jq -r '.[].password' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//') - REMOTE_ONLINE_IDS=$(jq -r '.[].online_id' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//') + REMOTE_HOSTS=$(jq -r '.[].loginaddr' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//') + REMOTE_USERS=$(jq -r '.[].user' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//') + REMOTE_PASSWORDS=$(jq -r '.[].password' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//') + REMOTE_ONLINE_IDS=$(jq -r '.[].online_id' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//') else - REMOTE_HOSTS=$(jq -r '.loginaddr' /tmp/deploy-config.json) - REMOTE_USERS=$(jq -r '.user' /tmp/deploy-config.json) - REMOTE_PASSWORDS=$(jq -r '.password' /tmp/deploy-config.json) - REMOTE_ONLINE_IDS=$(jq -r '.online_id' /tmp/deploy-config.json) + REMOTE_HOSTS=$(jq -r '.loginaddr' /tmp/deploy-config.json) + REMOTE_USERS=$(jq -r '.user' /tmp/deploy-config.json) + REMOTE_PASSWORDS=$(jq -r '.password' /tmp/deploy-config.json) + REMOTE_ONLINE_IDS=$(jq -r '.online_id' /tmp/deploy-config.json) fi - # 校验解析结果 - | if [ -z "$REMOTE_HOSTS" ] || [ -z "$REMOTE_USERS" ]; then echo "❌ 解析配置失败:服务器/用户名为空" @@ -149,13 +151,12 @@ EOF exit 1 fi - echo "✅ 配置解析完成 | 服务器:${REMOTE_HOSTS} | OnlineID:${REMOTE_ONLINE_IDS}" - # 写入环境变量供后续步骤使用 - echo "REMOTE_HOSTS=${REMOTE_HOSTS}" >> $CI_ENV_FILE - echo "REMOTE_USERS=${REMOTE_USERS}" >> $CI_ENV_FILE - echo "REMOTE_PASSWORDS=${REMOTE_PASSWORDS}" >> $CI_ENV_FILE - echo "REMOTE_ONLINE_IDS=${REMOTE_ONLINE_IDS}" >> $CI_ENV_FILE - # 6. SCP推送编译产物(依赖编译+配置解析完成) + # ========== 6. SCP推送产物(依赖编译+配置解析) ========== scp-exe-to-servers: image: appleboy/drone-scp:1.6.2 settings: @@ -171,7 +172,7 @@ EOF - build_logic - fetch-deploy-config - # 7. 远程部署启动服务(依赖SCP推送完成) + # ========== 7. 远程部署(依赖SCP推送) ========== deploy-to-servers: image: appleboy/drone-ssh:1.7.0 settings: @@ -182,55 +183,51 @@ EOF timeout: 60s script: - | - # 安装Screen(兼容apt/yum/dnf) if command -v screen &> /dev/null; then - echo "✅ Screen已安装" + echo "✅ Screen已安装" else - echo "🔧 安装Screen..." - if command -v apt &> /dev/null; then - apt update -y && apt install -y screen -qq --no-install-recommends - elif command -v yum &> /dev/null; then - yum install -y screen -q - elif command -v dnf &> /dev/null; then - dnf install -y screen -q - else - echo "❌ 不支持的包管理器,Screen安装失败" - exit 1 - fi - command -v screen || { echo "❌ Screen安装后检测失败"; exit 1; } + echo "🔧 安装Screen..." + if command -v apt &> /dev/null; then + apt update -y && apt install -y screen -qq + elif command -v yum &> /dev/null; then + yum install -y screen -q + elif command -v dnf &> /dev/null; then + dnf install -y screen -q + else + echo "❌ 不支持的包管理器,安装失败" + exit 1 + fi + command -v screen || { echo "❌ Screen安装后检测失败"; exit 1; } fi - mkdir -p ${REMOTE_EXE_DIR} - - chmod +x ${REMOTE_EXE_DIR}/${BIN_NAME} || { echo "❌ 设置程序执行权限失败"; exit 1; } - # 优雅停止旧服务(无会话则跳过) + - chmod +x ${REMOTE_EXE_DIR}/${BIN_NAME} || { echo "❌ 设置执行权限失败"; exit 1; } - screen -S ${SCREEN_NAME} -X quit || true - # 启动新服务并日志持久化 - | echo "🚀 启动程序:${REMOTE_EXE_DIR}/${BIN_NAME} -id=${REMOTE_ONLINE_IDS}" screen -dmS ${SCREEN_NAME} bash -c "\"${REMOTE_EXE_DIR}/${BIN_NAME}\" -id=${REMOTE_ONLINE_IDS} | tee -a ${LOG_PATH}" sleep 2 - # 校验启动结果 - - | if screen -ls | grep -q "${SCREEN_NAME}"; then - echo "✅ 服务启动成功!Screen会话信息:" - screen -ls + echo "✅ 启动成功!Screen会话:" + screen -ls else - echo "❌ 服务启动失败,无${SCREEN_NAME}会话" - screen -ls && exit 1 + echo "❌ 启动失败,无${SCREEN_NAME}会话" + screen -ls && exit 1 fi + depends_on: [scp-exe-to-servers] - # 8. 打印部署汇总信息(依赖部署完成) + # ========== 8. 打印部署汇总(依赖部署完成) ========== print-deploy-info: image: alpine:latest depends_on: [deploy-to-servers] commands: - echo "======================================" - - echo "🎉 全量部署流程执行完成!" - - echo "📌 部署版本号:${BUILD_VERSION}" - - echo "📌 触发事件类型:${CI_EVENT_NAME}" - - echo "📌 目标部署服务器:${REMOTE_HOSTS}" - - echo "📌 服务OnlineID:${REMOTE_ONLINE_IDS}" - - echo "📌 Screen会话名称:${SCREEN_NAME}" - - echo "📌 程序部署目录:${REMOTE_EXE_DIR}" - - echo "📌 服务日志路径:${LOG_PATH}" - - echo "📌 对应Git Commit:${CI_COMMIT_SHA:0:8}" + - echo "🎉 全量部署完成!" + - echo "📌 版本号:${BUILD_VERSION}" + - echo "📌 触发方式:${CI_EVENT_NAME}" + - echo "📌 部署服务器:${REMOTE_HOSTS}" + - echo "📌 OnlineID:${REMOTE_ONLINE_IDS}" + - echo "📌 Screen会话:${SCREEN_NAME}" + - echo "📌 程序目录:${REMOTE_EXE_DIR}" + - echo "📌 日志路径:${LOG_PATH}" + - echo "📌 对应Commit:${CI_COMMIT_SHA}" - echo "======================================"